Tim Anderson's ITWriting

Tech writing blog

October 31, 2005

Sony copy protection resembles malware, claims Windows expert

Posted 3562 days ago on October 31, 2005

I have long thought that Windows is a decent operating system frequently wrecked by third-party software. This account of DRM gone badly wrong appears to be a case in point. In essence, Windows expert Mark Russinovich was surprised and disturbed to find what appeared to be a rootkit installed on one his systems. A rootkit is software installed by hackers to gain control of a system while disguising its presence so the user does not notice. With a bit of detective work (read the article) he traced the software to a CD he had recently purchased, which installs its own "player" to protect its content when ripped to a PC. While this particular piece of software is not actually malicious, it is pretty bad. It not only hides itself from the user, but also slugs performance, by installing a service that:

...scans the executables corresponding to the running processes on the system every two seconds, querying basic information about the files, including their size, eight times each scan.

It does this not only when you are playing the copy-protected CD, but all the time. If you discover this and want to remove the software, you can't: there is no uninstall. Have a look at what Russinovich needed to do to remove it, and judge for yourself whether the average home user will be able to achieve it.

This is disturbing. Assuming Russinovich has it right, Sony should withdraw these CDs immediately. And it looks like we should be wary of those pesky auto-run installers that accompany some "enhanced" CDs.